Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Package search: unable to get local issuer certificate #958

Open
5 tasks done
ToBoMi opened this issue Mar 18, 2024 · 5 comments
Open
5 tasks done

Package search: unable to get local issuer certificate #958

ToBoMi opened this issue Mar 18, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@ToBoMi
Copy link

ToBoMi commented Mar 18, 2024
edited

Thanks in advance for your bug report!

  • Have you reproduced issue in safe mode?
  • Have you used the debugging guide to try to resolve the issue?
  • Have you checked our FAQs to make sure your question isn't answered there?
  • Have you checked to make sure your issue does not already exist?
  • Have you checked you are on the latest release of Pulsar?

What happened?

The package search in pulsar cannot find packages because of missing certificates.
Error is: unable to get local issuer certificate

image

I am in a corporate network and there are special (self-signed?) certificates.

Downloading and installing packages works by passing NODE_EXTRA_CA_CERTS as environmental variable to pulsar (more on this here.
While this solves the package downloading issue it does not solve the searching issue - should it?

Pulsar version

1.114.2024031604

Which OS does this happen on?

🪟 Windows

OS details

Version 10

Which CPU architecture are you running this on?

x86_64/AMD64

What steps are needed to reproduce this?

Doesn't make sense, since I don't know how the corporate network was created in detail.

Additional Information:

First install ever for me, user installation
@ToBoMi ToBoMi added the bug Something isn't working label Mar 18, 2024
@confused-Techie
Copy link
Member

Thanks for reporting this issue.

I'd highly recommend taking a look at the proxy PPM setup to see if you can apply it to your setup. As that's commonly what's required on a enterprise network setup like that.

@ToBoMi
Copy link
Author

ToBoMi commented Mar 19, 2024

I did already.
It suggests to set SSL to false and setup proxy settings.

Proxy

I played with various proxy server settings, which doen't make sense here - since there is no proxy in between. The proxy script sould™ return DIRECT because for the URL of pulsar packages no proxy is in that script.

SSL

I can disable strict-ssl and it has an effect on the installation of packages, but not on the search.
Disabling SSL makes me able to install the suggested packages without telling pulsar (ppm more precisely) where to find certificates.
Enabling SSL and telling pulsar (ppm) where to find certificates and I can even install the suggested packages with SSL enabled.

Searching for packages that I would like to install is unaffected by all these settings.
That is why I reach out to the devs. It seems certificate handling is different for package installation and package search.

@ToBoMi
Copy link
Author

ToBoMi commented Mar 20, 2024

Can I somehow find out what is going on here? Are there logs?
The developer tools (console) do not show anything when starting the search.

@confused-Techie
Copy link
Member

Sorry for lag, I've been trying to do some investigation on our end.

But here's some further details that might be helpful in troubleshooting.

When you install a package, the request is being made directly to GitHub to download the source code of the package. So it seems that GitHub is able to work with your corporate proxy settings.

Meanwhile when you search for packages that's only hitting the PPR (Pulsar Package Repository) which is hosted in GCP, which doesn't seem to like the corporate proxy settings.

As for logging, yeah the request itself is made by the CLI utility PPM, not the actual Pulsar application, that's why DevTools doesn't show anything useful. By running PPM in the command line you may be able to get more errors detailing what's going wrong.

Otherwise if we could coordinate like privately messaging on Discord, or if you could let me be aware of a unique search that you could make, such as your username, I could then try to check the logs on our end to see if I can find out any more.

@ToBoMi
Copy link
Author

ToBoMi commented Mar 22, 2024

Meanwhile when you search for packages that's only hitting the PPR (Pulsar Package Repository) which is hosted in GCP, which doesn't seem to like the corporate proxy settings.

I think that the certificate error is not a problem in general with the URL of the PPR because ...

By running PPM in the command line you may be able to get more errors detailing what's going wrong.

in the cmd (Windows) I can search using ppm even without setting the certificates through NODE_EXTRA_CA_CERTS (makes sense here, since ppm is not a Node app I think) :

image

When I start Pulsar from that cmd and search for packages - which in turn should start ppm - it is unable to find packages: unable to get local issuer certificate - certificate problem or in other words: doesn't find the needed certificates.

Summary

I think Pulsar is getting certificates through NODE_EXTRA_CA_CERTS and because of that it can install things directly when the package is listed (didn't know that it uses github directly instead of ppm before) - that's what was already known.

Why does the search which is started from Pulsar UI - through ppm - not finding the certificates although it works thourgh ppm in general through the command line?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@confused-Techie @ToBoMi